1. Field of the Invention
The present invention relates to a method and apparatus for verifiable generation of public keys.
2. Description of the Prior Art
When communicating in a communication system that operates over a public network, cryptographic techniques are often used to secure communications. Cryptography can provide secrecy and/or authentication through encryption and digital signatures respectively. In public key cryptographic systems, a user's key includes a private key and a mathematically related public key. It is infeasible to determine the private key given only the public key. The public keys for all entities can be published or otherwise distributed to other correspondents in the communication system.
Accepted good practices for public keys include public key validation (PKV) and proof-of-possession (POP) for the associated private key. These practices are considered to be useful tests that prevent potential abuse of public keys.
Public key validation includes testing a purported public key for conformance to its type of public key. This testing may or may not involve participation of the holder of associated private key. Public key validation helps assure that use of the purported public key is safe, provided that various other security measures are in place.
Proof of possession involves one party demonstrating to another party that it knows the private key associated with a given public key. This is often accomplished through providing a digital signature dependent upon the private key. Successful verification of the signature proves knowledge of the private key.
Neither public key validation nor proof of possession excludes the possibility that the private key was (a) stolen or (b) generated with insufficient randomness. When keys are stolen, it may contribute to identity theft, public key theft, and similar undesirable frauds. Insufficient randomness is a common problem in computers, especially smart cards and other constrained devices. Insufficient randomness can lead to guessable or duplicate private keys, which dramatically undermines security.
It is an object of the present invention to obviate or mitigate the above disadvantages.